Ransom32 is First JavaScript-Based Ransomware Affecting Windows, Mac and Linux

A new Ransomware as a Service (RaaS) offering called Ransom32 has been discovered that, for the first time, uses ransomware written in JavaScript to infect Mac, Windows and Linux machines.

Ransom32 is being traded on an underground TOR site, with the authors offering customized versions of the malware in return for a 25 percent cut of whatever money is generated. The Ransom32 RaaS is a simple, but efficient, service where anyone can download and distribute their very own copy of the ransomware executable as long as they have a Bitcoin address.

Security expert Fabian Wosar of Emsisoft first reported on the new ransomware family. It is embedded in a self-extracting WinRAR archive, uses the NW.js platform to infiltrate victims' computers, and then holds their files hostage by encrypting them with 128-bit AES.

Why Does Ransom32 Use the NW.js Framework?

NW.js is essentially a framework that allows you to develop normal desktop applications for Windows, Linux and MacOS X using JavaScript. It is based upon the popular Node.js and Chromium projects.

So while JavaScript is usually tightly sandboxed in your browser and can’t really touch the system it runs upon, NW.js allows for much more control and interaction with the underlying operating system, enabling JavaScript to do almost everything “normal” programming languages like C++ or Delphi can do. The benefit for the developer is that they can turn their web applications into normal desktop applications relatively easily. For normal desktop application developers, it has the benefit that NW.js is able to run the same JavaScript on different platforms. So an NW.js application only needs to be written once and is instantly usable on Windows, Linux and MacOS X.

For this reason, Ransom32 could easily be packaged for both Linux and Mac OS X. However, the report says that at this point there are no such packages, which at least for the moment makes Ransom32 most likely Windows-only.

How Do I Protect Myself from Ransom32?

According to Emsisoft, the best protection remains a solid and proven backup strategy. Using any top anti-malware or anti-virus program proved to be the second-best defense.
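
Because Ransom32 is packaged as an NW.js application, a defender can also inventory where NW.js apps exist on a machine. The script below is an added example, not code from the Emsisoft report: it walks a directory tree and lists NW.js bundles by their package.json manifest or a package.nw archive. The manifest-key list and the HTML entry-point heuristic are assumptions about how NW.js apps are usually laid out, and a hit means "an NW.js app lives here", not "this is Ransom32".

```python
import json
import os
import zipfile

# Assumption: manifest keys defined by NW.js that plain npm packages do not use.
NWJS_KEYS = {"window", "chromium-args", "node-remote", "js-flags", "single-instance"}


def looks_like_nwjs(manifest_text):
    """Return True if package.json content looks like an NW.js app manifest."""
    try:
        manifest = json.loads(manifest_text)
    except ValueError:
        return False
    if not isinstance(manifest, dict) or not isinstance(manifest.get("main"), str):
        return False
    # npm packages point "main" at a script; an HTML entry point suggests NW.js.
    # Limitation: an NW.js app with a script entry point and none of the keys
    # above is not recognised by this heuristic.
    html_entry = manifest["main"].lower().endswith((".html", ".htm"))
    return html_entry or not NWJS_KEYS.isdisjoint(manifest)


def find_nwjs_apps(root):
    """Walk root; return sorted paths of NW.js manifests and package archives."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if name == "package.json":
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read()
                elif name.lower().endswith(".nw") and zipfile.is_zipfile(path):
                    # A .nw file is a zip archive with the manifest at its root.
                    with zipfile.ZipFile(path) as zf:
                        text = zf.read("package.json").decode("utf-8", "replace")
                else:
                    continue
            except (OSError, KeyError, zipfile.BadZipFile):
                continue  # unreadable file, or archive without a manifest
            if looks_like_nwjs(text):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for hit in find_nwjs_apps(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Pointing it at user-writable locations such as temp and profile directories, and comparing the results with the NW.js applications you expect to be installed, gives a short list to review.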